On March 22, the Cyberspace Administration of China (CAC) released the second edition of the “Guidelines for Applying for Cross-Border Data Transfer Security Assessment” and the “Guidelines for Applying for Filing of the Standard Contract for Cross-Border Transfer of Personal Information”. These guidelines aim to provide guidance to enterprises for ensuring data export compliance.
China has recently introduced several regulations in the field of cross-border data transfer, including the “Measures for Security Assessment of Cross-Border Data Transfer”, “Measures for Standard Contract of Cross-Border Transfer of Personal Information”, and “Regulations to Promote and Regulate Cross-Border Data Flows”. The core requirements of these regulations are:
- Relevant actors must apply for cross-border data transfer security assessment in certain situations stipulated;
- When transferring abroad personal information through a standard contract signed with the overseas recipient, the contract should be filed with the provincial cyberspace authorities.
To implement the cross-border data transfer security assessment and the cross-border personal information transfer contract filing schemes, CAC has previously released the first editions of these guides in August 2022 and May 2023. The newly released documents thus consist of updated versions of the guidelines: these reduce further the compliance burden for companies transferring data outside of China, by narrowing the scope of the cross-border data transfer security assessment scheme, and by simplifying the materials that data processors need to submit.
Please refer to the link below for the specific text of these documents in Chinese.
